IN THE CLAIMS : 

Please add claims 32-38 as follows. 

1 . (Previously Presented) A method, comprising: 

maintaining in a mobile communication system subscriber's location information; 

receiving a message from subscriber's user equipment, said message indicating 
that an address of a certificate provisioning gateway for certificate issuance and delivery 
procedure in a visited network is requested by the subscriber's user equipment, the 
certificate provisioning gateway serving at least one certificate authority; and 

determining, in response to receiving the message, on the basis of the subscriber's 
location information the address of the certificate provisioning gateway. 

2. (Previously Presented) The method of claim 1, further comprising: 
receiving in the message from subscriber's user equipment further the address of 

the certificate provisioning gateway; 

checking whether or not the address which the message indicated corresponds to 
the address determined on the basis of the location information; and 

if they do not correspond to each other, using the address determined on the basis 
of the location information. 

3. (Previously Presented) The method of claim 1, further comprising: 
receiving further in the message subscriber's location information; 
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checking whether or not the location information in the message corresponds to 
the location information maintained in the system; and 

using the maintained location information if it does not correspond to the location 
information in the message. 

4. (Previously Presented) A method, comprising: 

receiving in a mobile communication system a message from subscriber's user 
equipment, the message indicating subscriber's location information in a visited network 
of the subscriber; and 

determining, in response to the message, on the basis of the subscriber's location 
information an address of a certificate provisioning gateway in the visited network, the 
certificate provisioning gateway serving at least one certificate authority, wherein the 
address of the certificate provisioning gateway is determined for certificate issuance and 
delivery procedure in the visited network. 

5. (Previously Presented) The method of claim 4, further comprising: 
receiving in the message from subscriber's user equipment further a global cell 

identifier which indicates the subscriber's location information. 

6. (Previously Presented) A method, comprising: 
authenticating the subscriber; and 
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transmitting during the subscriber authentication to the user equipment at least part 
of the information required for obtaining a certificate from a certificate issuance service 
in another network than a home network in a mobile communication system after the 
subscriber authentication, the part of the information including at least one from a group 
comprising an address of a certificate provisioning gateway via which the certificate 
issuance service is provided in the other network, the certificate provisioning gateway 
serving at least one certificate authority, a public key required for the certificate issuance 
service in the other network, and an indication of the protocol required for the certificate 
issuance service in the other network. 

7. (Previously Presented) The method of claim 6, further comprising: 
performing the authentication as an application level authentication. 

8. (Previously Presented) The method of claim 6, further comprising: 
utilizing said part of the information during a certificate issuance procedure after 

the authentication in a visited network by the user equipment. 

9. (Previously Presented) The method of claim 6, further comprising: 
transmitting in said part of the information location network specific information. 



10-12. (Cancelled) 
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13. (Previously Presented) The method of claim 6, further comprising, when said 
part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 

14. (Previously Presented) A method, comprising: 
authenticating a subscriber; 

receiving, from subscriber's user equipment, a message relating to a certificate 
issuance service in another network than a home network in a mobile communication 
system; and 

transmitting, in response to the message, to the user equipment in a reply message 
at least part of information required for obtaining a certificate from the certificate 
issuance service in the other network, the part of the information including at least one 
from a group comprising an address of a certificate provisioning gateway via which the 
certificate issuance service is provided in the other network, the certificate provisioning 
gateway serving at least one certificate authority, a public key required for the certificate 
issuance service in the other network, and an indication of the protocol required for the 
certificate issuance service in the other network. 

15. (Previously Presented) The method of claim 14, further comprising: 
transmitting the message and the reply message in an integrity protected channel. 
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16. (Cancelled) 

17. (Previously Presented) The method of claim 14, further comprising, when said 
part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 

18-20. (Cancelled) 

21. (Previously Presented) A mobile communication system, comprising: 

at least user equipment; 

a home network for the user equipment; and 

a visited network comprising at least a certificate provisioning gateway for a 
certificate issuance and delivery procedure, said certificate provisioning gateway serving 
a certificate authority, wherein an address of the certificate provisioning gateway is 
determined on the basis of location information of the user equipment in response to a 
sent message from the user equipment, said message indicating that an address of a 
certificate provisioning gateway for certificate issuance and delivery procedure in a 
visited network is requested by the user equipment . 



-6- 



ApplicationNo.: 10/705,396 



22. (Cancelled) 



23. (Previously Presented) The system of claim 21 further comprising: 

a gateway network for certificate requests in a home network of the user 
equipment, the gateway network being configured to perform the certificate provisioning 
gateway address determination. 

24. (Previously Presented) The method of claim 1, further comprising: 
configuring the message to comprise subscriber's location information; 
checking whether or not the location information in the message corresponds to 

the location information maintained in the system; and 

if it does not correspond to the location information in the message, sending an 
error indication by using the maintained location information. 

25. (Previously Presented) The method of claim 1, further comprising: 
configuring the message to comprise subscriber's location information; 
checking whether or not the location information in the message corresponds to 

the location information maintained in the system; and 

using the location information in the message if it does not correspond to the 
maintained location information. 
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26. (Previously Presented) The method of claim 1, further comprising: 
configuring the message to comprise subscriber's location information; 
checking whether or not the location information in the message corresponds to 

the location information maintained in the system; and 

if it does not correspond to the maintained location information, sending an error 
indication by using the location information in the message. 

27. (Previously Presented) A method, comprising: 
authenticating a subscriber; and 

transmitting after the authentication via an authenticated channel to subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information containing information required for obtaining a certificate from the 
certificate issuance service in the other network. 

28. (Previously Presented) A certificate provisioning gateway serving a certificate 
authority in a mobile communication system, wherein the certificate provisioning 
gateway is in a home network of a subscriber and is configured to determine, in response 
to receiving a message indicating a request for a certificate issuance service from the 
subscriber, an address of another certificate provisioning gateway required for providing 
the certificate issuance service for the subscriber on the basis of subscriber's location 
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information, said another certificate provisioning gateway being in another network than 
the home network. 

29. (Previously Presented) The certificate provisioning gateway of claim 28, 
wherein the other certificate provisioning gateway is in a visited network. 

30. (Previously Presented) User equipment in a mobile communication system, 
wherein the user equipment is configured to receive at least part of information required 
for a certificate issuance service in a location network of the user equipment after the user 
equipment has been authenticated, said location network being a visited network and said 
at least part of the information containing information required for obtaining a certificate 
from the certificate issuance service in the visited network. 

31. (Previously Presented) The user equipment of claim 30, wherein the user 
equipment is arranged to receive said part of the information from a certificate 
provisioning gateway with which the user equipment was authenticated, the certificate 
provisioning gateway being in a home network. 

32. (New) The certificate provisioning gateway of claim 28, wherein the 
certificate provisioning gateway is configured, in response to receiving in the message 
further an address of a certificate provisioning gateway, to check whether or not the 
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address which the message indicated corresponds to the address determined on the basis 
of the location information; and if they do not correspond to each other, to select the 
address determined on the basis of the location information. 

33. (New) The certificate provisioning gateway of claim 28, wherein the 
certificate provisioning gateway is configured, in response to receiving in the message 
subscriber's location information, to check whether or not the location information in the 
message corresponds to the location information maintained in the system; and to use the 
maintained location information if it does not correspond to the location information in 
the message. 

34. (New) The certificate provisioning gateway of claim 28, wherein the 
certificate provisioning gateway is configured, in response to receiving in the message 
subscriber's location information, to check whether or not the location information in the 
message corresponds to the location information maintained in the system; and if it does 
not correspond to the location information in the message, to send an error indication by 
using the maintained location information. 

35. (New) The certificate provisioning gateway of claim 28, wherein the 
certificate provisioning gateway is configured, in response to receiving in the message 
subscriber's location information, to check whether or not the location information in the 
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message corresponds to the location information maintained in the system; and to use the 
location information in the message if it does not correspond to the maintained location 
information. 

36. (New) The certificate provisioning gateway of claim 28, wherein the 
certificate provisioning gateway is configured, in response to receiving in the message 
subscriber's location information, to check whether or not the location information in the 
message corresponds to the location information maintained in the system; and if it does 
not correspond to the maintained location information, to send an error indication by 
using the location information in the message. 

37. (New) The method as claimed in claim 1, wherein a certificate authority is a 
trusted third party. 

38. (New) The method as claimed in claim 1, wherein a certificate authority is a 
trusted third party and does not include an authorization, authentication and accounting 
server. 
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